# Configuration for libnss-tacplus

# debug - If you want to open debug log, set it on
# Default: off
# debug=on
{% if debug %}
debug=on
{% endif %}

# local_accounting - If you want to local accounting, set it
# Default: None
# local_accounting
{% if local_accounting %}
local_accounting
{% endif %}

# tacacs_accounting - If you want to tacacs+ accounting, set it
# Default: None
# tacacs_accounting
{% if tacacs_accounting %}
tacacs_accounting
{% endif %}

# local_authorization - If you want to local authorization, set it
# Default: None
# local_authorization
{% if local_authorization %}
local_authorization
{% endif %}

# tacacs_authorization - If you want to tacacs+ authorization, set it
# Default: None
# tacacs_authorization
{% if tacacs_authorization %}
tacacs_authorization
{% endif %}

# src_ip - set source address of TACACS+ protocol packets
# Default: None (auto source ip address)
# src_ip=2.2.2.2
{% if src_ip %}
src_ip={{ src_ip }}
{% endif %}

# server - set ip address, tcp port, secret string and timeout for TACACS+ servers
# Default: None (no TACACS+ server)
# server=1.1.1.1:49,secret=test,timeout=3
{% for server in servers %}
server={{ server.ip }}:{{ server.tcp_port }},secret={{ server.passkey }},timeout={{ server.timeout }}{% if server.vrf %},vrf={{ server.vrf }}{% endif %}{{''}}
{% endfor %}

# user_priv - set the map between TACACS+ user privilege and local user's passwd
# Default:
# user_priv=15;pw_info=remote_user_su;gid=1000;group=sudo,docker;shell=/bin/bash
# user_priv=1;pw_info=remote_user;gid=999;group=docker;shell=/bin/bash

# many_to_one - create one local user for many TACACS+ users which has the same privilege
# Default: many_to_one=n
# many_to_one=y

